OI Safe: Implement secure delete for encryption / decryption of files.

git-svn-id: http://openintents.googlecode.com/svn/trunk/Safe@2012 72b678ce-9140-0410-bee8-679b907dd61a

diff --git a/src/org/openintents/safe/CryptoHelper.java b/src/org/openintents/safe/CryptoHelper.java
index 9400f74050f42f1e4b8bd64ffa38e5fe83d52a60..1d289b532e0b31c46c144c1c059bb8018b0e8802 100644 (file)
--- a/src/org/openintents/safe/CryptoHelper.java
+++ b/src/org/openintents/safe/CryptoHelper.java
@@ -41,6 +41,8 @@ import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;\r
 import javax.crypto.spec.PBEParameterSpec;\r
 \r
+import org.openintents.util.SecureDelete;\r
+\r
 import android.content.ContentResolver;\r
 import android.net.Uri;\r
 import android.os.Environment;\r
@@ -657,6 +659,9 @@ public class CryptoHelper {
                                is.close();\r
                                os.close();\r
                                \r
+                               // Securely delete the original file:\r
+                               SecureDelete.delete(new File(fileUri.getPath()));\r
+                               \r
                    } catch (ESJException e) {\r
                                Log.e(TAG, "Error encrypting file", e);\r
                }\r
@@ -796,6 +801,9 @@ public class CryptoHelper {
                                // Close the input stream and return bytes\r
                                is.close();\r
                                os.close();\r
+\r
+                               // Securely delete the original file:\r
+                               SecureDelete.delete(new File(fileUri.getPath()));\r
                                \r
                    } catch (ESJException e) {\r
                                Log.e(TAG, "Error encrypting file", e);\r

diff --git a/src/org/openintents/util/SecureDelete.java b/src/org/openintents/util/SecureDelete.java
new file mode 100644 (file)
index 0000000..ef3372c
--- /dev/null
+++ b/src/org/openintents/util/SecureDelete.java
@@ -0,0 +1,84 @@
+package org.openintents.util;\r
+\r
+import java.io.File;\r
+import java.io.FileNotFoundException;\r
+import java.io.IOException;\r
+import java.io.RandomAccessFile;\r
+import java.nio.MappedByteBuffer;\r
+import java.nio.channels.FileChannel;\r
+import java.security.SecureRandom;\r
+\r
+import estreamj.ciphers.trivium.Trivium;\r
+import estreamj.framework.ESJException;\r
+\r
+import android.util.Log;\r
+\r
+/**\r
+ * Secure file delete.\r
+ * \r
+ * @author Peli\r
+ *\r
+ */\r
+public class SecureDelete {\r
+       private static final String TAG = "SecureDelete";\r
+\r
+       /**\r
+        * Securely delete a file.\r
+        * \r
+        * Currently, there is only 1 pass that overwrites the file first\r
+        * with a random bit stream generated by Trivium.\r
+        * \r
+        * @param file\r
+        * @return true if this File was deleted, false otherwise.\r
+        */\r
+       public static boolean delete(File file) {\r
+\r
+               if (file.exists()) {\r
+                       SecureRandom random = new SecureRandom();\r
+\r
+                       Trivium tri = new Trivium();\r
+                       \r
+                       try {\r
+                               RandomAccessFile raf = new RandomAccessFile(file, "rw");\r
+                               FileChannel channel = raf.getChannel();\r
+                               MappedByteBuffer buffer = channel.map(\r
+                                               FileChannel.MapMode.READ_WRITE, 0, raf.length());\r
+\r
+                               byte[] key = new byte[10];\r
+                               byte[] nonce = new byte[10];\r
+                               random.nextBytes(key);\r
+                               random.nextBytes(nonce);\r
+                               \r
+                           tri.setupKey(Trivium.MODE_DECRYPT,\r
+                                       key, 0);\r
+                               tri.setupNonce(nonce, 0);\r
+\r
+                               int buffersize = 1024;\r
+                               byte[] bytes = new byte[1024];\r
+                               \r
+                               // overwrite with random numbers\r
+                               while (buffer.hasRemaining()) {\r
+                                       int max = buffer.limit() - buffer.position();\r
+                                       if (max > buffersize) max = buffersize;\r
+                                       //random.nextBytes(bytes);\r
+\r
+                                   tri.process(bytes, 0,\r
+                                               bytes, 0, max);\r
+                                   \r
+                                       buffer.put(bytes, 0, max);\r
+                               }\r
+                               buffer.force();\r
+                               buffer.rewind();\r
+\r
+                       } catch (FileNotFoundException e) {\r
+                               Log.d(TAG, "FileNotFoundException", e);\r
+                       } catch (IOException e) {\r
+                               Log.d(TAG, "IOException", e);\r
+                       } catch (ESJException e) {\r
+                               Log.d(TAG, "ESJException", e);\r
+                       }\r
+                       return file.delete();\r
+               }\r
+               return false;\r
+       }\r
+}\r